X.Org Server Hit By Its Latest Batch Of Security Vulnerabilities

Four more CVEs were made public today around input validation failures in the X.Org Server. They could lead to local privilege escalation where the X.Org Server is still running as a privileged process, and to remote code execution for SSH X forwarding sessions.
The security issues involve out-of-bounds writes in the X.Org Server's render, xfixes, xext, and record code.
* CVE-2021-4008/ZDI-CAN-14192 SProcRenderCompositeGlyphs out-of-bounds access
The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write.
* CVE-2021-4009/ZDI-CAN-14950 SProcXFixesCreatePointerBarrier out-of-bounds access
The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write.
* CVE-2021-4010/ZDI-CAN-14951 SProcScreenSaverSuspend out-of-bounds access
The handler for the Suspend request of the Screen Saver extension does not properly validate the request length leading to out of bounds memory write.
* CVE-2021-4011/ZDI-CAN-14952 SwapCreateRegister out-of-bounds access
The handlers for the RecordCreateContext and RecordRegisterClients requests of the Record extension do not properly validate the request length leading to out of bounds memory write.
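All four entries describe a request handler that writes to request fields without first validating the request length. The C sketch below is an added illustration, not X.Org Server code: the request layout, function names and sample bytes are constructed, and the stray write is kept inside one local buffer so its effect can be observed safely.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SUCCESS    0
#define BAD_LENGTH 16   /* X11 core protocol error code BadLength */

/* Hypothetical 8-byte extension request, modelled on the X11 wire layout:
 * a 4-byte header whose length field counts 4-byte units, then one CARD32. */
typedef struct {
    uint8_t  major_opcode;
    uint8_t  minor_opcode;
    uint16_t length;        /* request size in 4-byte units, client-supplied */
    uint32_t suspend;       /* field a byte-swapping handler converts in place */
} demo_req;

/* Reverse the 4 bytes at p in place, as a swapped handler does per field. */
static void swap32(uint8_t *p) {
    uint8_t t = p[0]; p[0] = p[3]; p[3] = t;
    t = p[1]; p[1] = p[2]; p[2] = t;
}

/* Flawed pattern: swaps the field without confirming the client sent it. */
int sproc_unchecked(uint8_t *req, size_t req_bytes) {
    (void)req_bytes;
    swap32(req + offsetof(demo_req, suspend));
    return SUCCESS;
}

/* Hardened pattern: reject any request whose size differs from the struct
 * before touching a byte past the header. */
int sproc_checked(uint8_t *req, size_t req_bytes) {
    if (req_bytes != sizeof(demo_req))
        return BAD_LENGTH;
    swap32(req + offsetof(demo_req, suspend));
    return SUCCESS;
}

/* Constructed input: a 4-byte (header-only) request followed in the same
 * buffer by 4 bytes of unrelated data. Returns 1 if that data was modified. */
int neighbour_modified(int (*handler)(uint8_t *, size_t), int *rc) {
    uint8_t buf[8] = { 0x90, 0x05, 0x01, 0x00,   /* short request, length=1 */
                       0xAA, 0xBB, 0xCC, 0xDD }; /* adjacent data */
    const uint8_t before[4] = { 0xAA, 0xBB, 0xCC, 0xDD };
    *rc = handler(buf, 4);
    return memcmp(buf + 4, before, 4) != 0;
}

int main(void) { int rc; return neighbour_modified(sproc_checked, &rc); }
```

With the length check in place the short request is answered with BadLength and the adjacent bytes are left untouched; without it, the handler reports success after rewriting memory the client never supplied.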
These latest vulnerabilities were found as part of the Trend Micro Zero Day Initiative. Fixes are pending in X.Org Server Git.
More details via the security advisory.
These security advisories also affect XWayland, for which XWayland 21.1.4 saw an update this morning.